package org.apache.isis.security.keycloak.handler;

import org.apache.isis.core.security.authentication.logout.LogoutHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

@Service
/* loaded from: input_file:org/apache/isis/security/keycloak/handler/LogoutHandlerForKeycloak.class */
public class LogoutHandlerForKeycloak implements LogoutHandler {
    private static final Logger log = LoggerFactory.getLogger(LogoutHandlerForKeycloak.class);
    private final RestTemplate restTemplate;

    public LogoutHandlerForKeycloak() {
        this(new RestTemplate());
    }

    public void logout() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null) {
            propagateLogoutToKeycloak((OidcUser) authentication.getPrincipal());
        }
    }

    private void propagateLogoutToKeycloak(OidcUser oidcUser) {
        if (this.restTemplate.getForEntity(UriComponentsBuilder.fromUriString(String.format("%s/protocol/openid-connect/logout", oidcUser.getIssuer())).queryParam("id_token_hint", new Object[]{oidcUser.getIdToken().getTokenValue()}).toUriString(), String.class, new Object[0]).getStatusCode().is2xxSuccessful()) {
            log.info("Successfully logged out in Keycloak");
        } else {
            log.info("Could not propagate logout to Keycloak");
        }
    }

    public boolean isHandlingCurrentThread() {
        return true;
    }

    public LogoutHandlerForKeycloak(RestTemplate restTemplate) {
        this.restTemplate = restTemplate;
    }
}
